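<?php
	/*
	 * Admin-only endpoint that creates or updates one permission row in the
	 * "quyen" table, keyed by (un, mamod), and reports the outcome as XML.
	 *
	 * Expected POST fields: un, mamod, select_r, insert_r, update_r, delete_r.
	 *
	 * Security notes:
	 *  - Request fields are read explicitly from $_POST. extract($_POST) let the
	 *    client define or overwrite any variable in this scope (for example
	 *    $conn, which is used below).
	 *  - Every value placed in SQL is escaped against the open connection.
	 *    ext/mysql has no prepared statements and was removed in PHP 7.0; moving
	 *    dbconnect.php and this script to mysqli/PDO prepared statements is the
	 *    durable fix.
	 *  - NOTE(review): escaping is only reliable if the connection charset was
	 *    set with mysql_set_charset() - confirm in dbconnect.php.
	 *  - NOTE(review): no anti-CSRF token is checked here although the request
	 *    changes privileges - confirm whether the caller or framework adds one.
	 */
	session_start();
	// $conn (the MySQL link used below) is expected to be set by this include.
	include("../../include/dbconnect.php");
	
	$table="quyen";
	
	header("Content-Type: text/xml");
	echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>";
	echo "<quyen>";
	
	// A missing session key is treated as "not logged in"; the cast plus strict
	// comparison avoids loose-typing surprises (e.g. 0 == "admin" on PHP < 8).
	$sessionUser=isset($_SESSION["un"]) ? (string)$_SESSION["un"] : "";
	if($sessionUser==="")
	{
		echo "<status>fail</status>";
		echo "<message>Chưa đăng nhập !</message>";
	}
	elseif($sessionUser!=="admin")
	{
		echo "<status>fail</status>";
		echo "<message>Phải là người dùng admin !</message>";
	}
	else 
	{
		$ok=true;
		
		// Collect and escape exactly the fields this script uses. Missing or
		// non-scalar values (e.g. un[]=...) become the empty string.
		$p=array();
		foreach(array("un","mamod","select_r","insert_r","update_r","delete_r") as $field)
		{
			$raw=(isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string)$_POST[$field] : "";
			$escaped=mysql_real_escape_string($raw,$conn);
			if($escaped===false)
			{
				$ok=false;
				break;
			}
			$p[$field]=$escaped;
		}
		
		if($ok)
		{
			// Does a row for this (un, mamod) pair already exist?
			$SQL="select * from $table where un='".$p["un"]."' and mamod='".$p["mamod"]."'";
			$rs=mysql_query($SQL,$conn);
			if($rs===false)
			{
				$ok=false;
			}
			else
			{
				$daco=(mysql_num_rows($rs)>0);
				mysql_free_result($rs);
				if($daco)
				{
					$SQL="update $table set ";
					$SQL=$SQL."select_r='".$p["select_r"]."',insert_r='".$p["insert_r"]."',";
					$SQL=$SQL."update_r='".$p["update_r"]."',delete_r='".$p["delete_r"]."' ";
					$SQL=$SQL."where un='".$p["un"]."' and mamod='".$p["mamod"]."'";
				}
				else
				{
					$SQL="insert into $table (un,mamod,select_r,insert_r,update_r,delete_r) values (";
					$SQL=$SQL."'".$p["un"]."','".$p["mamod"]."','".$p["select_r"]."',";
					$SQL=$SQL."'".$p["insert_r"]."','".$p["update_r"]."','".$p["delete_r"]."')";
				}
				if(!mysql_query($SQL,$conn))
				{
					$ok=false;
				}
			}
		}
		
		if($ok)
		{
			echo "<status>ok</status>";
			echo "<message>Đã cập nhật quyền hạn !</message>";
		}
		else
		{
			// Keep the detail in the server log. The previous die($SQL) sent the
			// raw statement to the client, left the XML unterminated and skipped
			// dbclose.php.
			error_log("quyen update failed: ".mysql_error($conn));
			echo "<status>fail</status>";
			echo "<message>Lỗi cơ sở dữ liệu !</message>";
		}
	}
	
	echo "</quyen>";
	include("../../include/dbclose.php");
?>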